Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

AtlasMenu/...ts.url

windows7-x64

1

AtlasMenu/...ts.url

windows10-1703-x64

1

AtlasMenu/...ts.url

windows10-2004-x64

1

AtlasMenu/...ts.url

android-10-x64

AtlasMenu/...ts.url

android-11-x64

AtlasMenu/...ts.url

android-9-x86

AtlasMenu/...ts.url

macos-10.15-amd64

1

AtlasMenu/...ts.url

debian-9-armhf

AtlasMenu/...ts.url

debian-9-mips

AtlasMenu/...ts.url

debian-9-mipsel

AtlasMenu/...ts.url

ubuntu-18.04-amd64

AtlasMenu/...er.exe

windows7-x64

7

AtlasMenu/...er.exe

windows10-1703-x64

7

AtlasMenu/...er.exe

windows10-2004-x64

7

AtlasMenu/...er.exe

android-10-x64

AtlasMenu/...er.exe

android-11-x64

AtlasMenu/...er.exe

android-9-x86

AtlasMenu/...er.exe

macos-10.15-amd64

1

AtlasMenu/...er.exe

debian-9-armhf

AtlasMenu/...er.exe

debian-9-mips

AtlasMenu/...er.exe

debian-9-mipsel

AtlasMenu/...er.exe

ubuntu-18.04-amd64

Resubmissions

26/08/2023, 19:07

230826-xsvehaed9v 7

26/08/2023, 19:07

230826-xslscscf74 7

26/08/2023, 19:02

230826-xpv7maed8v 7

26/08/2023, 19:01

230826-xpevmsed8s 7

26/08/2023, 18:59

230826-xm74eacf59 7

26/08/2023, 18:55

230826-xlarhsed7t 7

Analysis

  • max time kernel
    690s
  • max time network
    616s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    26/08/2023, 19:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    AtlasMenu/Launcher.exe

  • Size

    3.9MB

  • MD5

    d584177d5cc323e38cf83b84ca6a5892

  • SHA1

    9e99946c6297fd282e15656388c6b02b16d2d411

  • SHA256

    d67ef89bf353873771d073814192d2b63aff0df4aa683a84c60700a3301f0cc0

  • SHA512

    4a6407d54ff53660b426c69220fbf9c51e3a2e4701f7635a38b0e1c10ff53e3ff53fc63624eb3884ac55e09b092d6a53536cd85e0b2ef05604bbf028722df6e3

  • SSDEEP

    98304:kJamBeGILgwkjR5mXt67Yb04oCdlhsgT/R805MBn1T5:sxBefs3YA7HkJsgLe06Bnr

Score
7/10
themida

Malware Config

Signatures

  • Themida packer 2 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Gathers network information 2 TTPs 1 IoCs

    Uses commandline utility to view network configuration.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\AtlasMenu\Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\AtlasMenu\Launcher.exe"
    1⤵
      PID:3068
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      1⤵
        PID:2908
      • C:\Windows\system32\cmd.exe
        "C:\Windows\system32\cmd.exe"
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1656
        • C:\Windows\system32\ipconfig.exe
          ipconfig
          2⤵
          • Gathers network information
          PID:3016
      • C:\Windows\SysWOW64\DllHost.exe
        C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
        1⤵
          PID:2044
        • C:\Windows\system32\cmd.exe
          "C:\Windows\system32\cmd.exe"
          1⤵
          • Suspicious use of WriteProcessMemory
          PID:660
          • C:\Windows\system32\taskmgr.exe
            taskmgr
            2⤵
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious behavior: GetForegroundWindowSpam
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SendNotifyMessage
            PID:1852

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1852-3-0x0000000140000000-0x00000001405E8000-memory.dmp

          Filesize

          5.9MB

          Download

        • memory/1852-4-0x0000000140000000-0x00000001405E8000-memory.dmp

          Filesize

          5.9MB

          Download

        • memory/1852-5-0x0000000140000000-0x00000001405E8000-memory.dmp

          Filesize

          5.9MB

          Download

        • memory/1852-6-0x0000000140000000-0x00000001405E8000-memory.dmp

          Filesize

          5.9MB

          Download

        • memory/3068-1-0x000000013FC40000-0x0000000140664000-memory.dmp

          Filesize

          10.1MB

          Download

        • memory/3068-2-0x000000013FC40000-0x0000000140664000-memory.dmp

          Filesize

          10.1MB

          Download